Defined Type: sslcert::x509_to_pkcs12

Defined in:
modules/sslcert/manifests/x509_to_pkcs12.pp

Overview

Parameters:

  • public_key (Stdlib::Unixpath) (defaults to: "/etc/ssl/localcerts/${title}.crt")

    the location of the x509 certificate holding the public key (passed to `openssl pkcs12 -in`)

  • private_key (Stdlib::Unixpath) (defaults to: "/etc/ssl/private/${title}.key")

    the location of the private key

  • outfile (Stdlib::Unixpath) (defaults to: "/etc/ssl/localcerts/${title}.p12")

    location to store the pkcs12 file

  • certfile (Optional[Stdlib::Unixpath]) (defaults to: undef)

    a certificate bundle to add to the exported file

  • ensure (Wmflib::Ensure) (defaults to: 'present')
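  • password (String) (defaults to: '')

    passphrase protecting the exported pkcs12 file; with the default empty passphrase the file is protected only by its owner, group and mode (0440)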
  • owner (String) (defaults to: 'root')
  • group (String) (defaults to: 'root')


# File 'modules/sslcert/manifests/x509_to_pkcs12.pp', line 6

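# Export an x509 certificate and its private key as a PKCS#12 bundle using
# `openssl pkcs12 -export`, then manage ownership and mode of the result.
#
#   ensure      - when 'present' the bundle is generated; the value is also
#                 passed unchanged to the file resource for $outfile.
#   password    - passphrase protecting the bundle (default: empty passphrase).
#   owner/group - ownership applied to $outfile; its mode is fixed at 0440.
define sslcert::x509_to_pkcs12 (
    Wmflib::Ensure              $ensure      = 'present',
    Stdlib::Unixpath            $public_key  = "/etc/ssl/localcerts/${title}.crt",
    Stdlib::Unixpath            $private_key = "/etc/ssl/private/${title}.key",
    Stdlib::Unixpath            $outfile     = "/etc/ssl/localcerts/${title}.p12",
    String                      $password    = '',
    String                      $owner       = 'root',
    String                      $group       = 'root',
    Optional[Stdlib::Unixpath]  $certfile    = undef,
) {
    ensure_packages(['openssl'])
    $_certfile = $certfile ? {
        undef   => '',
        default => "-certfile ${certfile}",
    }
    # A non-empty passphrase is handed to openssl through the exec's
    # environment (the `env:` passphrase source) instead of being interpolated
    # into the command line. That keeps it out of the process argument list
    # and out of the command string, and a quote character in the passphrase
    # can no longer break the shell quoting. The value is still part of the
    # compiled catalog. The empty default keeps the literal `pass:` form.
    $_password_arg = $password ? {
        ''      => "-password 'pass:'",
        default => '-password env:SSLCERT_PKCS12_PASSWORD',
    }
    $_environment = $password ? {
        ''      => undef,
        default => ["SSLCERT_PKCS12_PASSWORD=${password}"],
    }
    # NOTE(review): the path parameters are interpolated unquoted; a path
    # containing whitespace or shell metacharacters would alter the command.
    $command = @("COMMAND"/L)
        /usr/bin/openssl pkcs12 -export ${_certfile} \
        -in ${public_key} \
        -inkey ${private_key} \
        -out ${outfile} \
        ${_password_arg}
        | COMMAND
    if $ensure == 'present' {
        exec {"sslcert generate ${title}.p12":
            command     => $command,
            environment => $_environment,
            # openssl creates $outfile before the file resource below applies
            # mode 0440; a restrictive umask keeps the freshly written bundle
            # (which contains the private key) from starting out with the
            # agent's default permissions.
            umask       => '0077',
            # NOTE(review): this check only proves that an existing $outfile
            # opens with the passphrase; it does not compare the bundle with
            # $public_key/$private_key, so a renewed certificate presumably
            # does not trigger a re-export. Confirm that is intended.
            unless      => "/usr/bin/openssl pkcs12 -in ${outfile} ${_password_arg} -noout",
            require     => Package['openssl'],
            before      => File[$outfile],
        }
    }
    file {$outfile:
        ensure => $ensure,
        owner  => $owner,
        group  => $group,
        mode   => '0440',
    }
}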